GDPR - Netbull Methodology
Our company specializes in information security and takes a holistic approach to the GDPR compliance of companies that collect, maintain and handle personal data. The approach comprises assessment services, implementation of protection countermeasures, and monitoring of security systems on a 24-hour basis.
In the implementation of our holistic approach we:
MAP/CLASSIFY PERSONAL DATA & EVALUATE THE IMPACTS ON PRIVACY
Personal Data Mapping & Flow
The mapping and flow of personal data processed by the company/organization is based on data collected through interviews with representatives of all organizational units, and/or through the use of specialized software. This information is evaluated by our company's data protection specialists.
Legal and Regulatory Framework for Information Security
The Legal Auditing is based on the findings of the data mapping and flow in relation to their current uses and concerns:
- Privacy Notices
- Consent Forms
- Privacy clauses in agreements/contracts with business partners, suppliers and customers
- Data transfers within and outside the EU
- Processing of employees' personnel data
- Applied procedures / existing policies including the process of Threat, Cause and Risk Management falling within the scope of EU Regulation 2016/679 (GDPR)
Where required, specific modifications will be proposed to comply with the GDPR Regulation.
Gap Analysis & Compliance Plan
Detection and analysis of non-compliances in the practices and procedures applied to the handling of personal data in relation to regulatory requirements in the following pillars:
- Personal Data Processing Principles
- Protection of Freedom and Subjects' Rights
- Personal Data (Privacy) Management
- Security (Technological Protection Mechanisms)
- Organizational structure
- Policies and Procedures
- Supervision and continuous improvement
Each pillar consists of a set of countermeasures that are deemed necessary to address and manage the risk and which should be implemented.
The compliance plan also includes a range of options and alternatives to provide flexibility in its implementation.
Privacy Impact Assessment (PIA)
A study to identify privacy data and provide measures to minimize the privacy risks in an organization (Data Controller or Data Processor). It includes the data Investigation & Classification process, which identifies what data is sensitive, where it resides, how it is being used, and how you can apply the right policies and controls to protect it.
IMPLEMENT POLICIES, PROCEDURES & TECHNOLOGIES
Documentation of the Personal Data Protection System
The Personal Data Protection System includes methodology, strategy and a set of policies, procedures and security measures in order to protect the subject’s information and privacy.
The documentation contains the risk management material resulting from the personal data processes of the company / organization (Controller or Processor). The goal is to implement an effective and efficient plan to protect the company's personal data and information systems that maintain and process this data.
The system is based on:
- Organization of data protection
- Adoption and implementation of data protection measures
- Training, awareness and utilization of human resources to improve data protection
- Use of IT systems and security, technical methods and other tools to support and improve data protection.
Data Loss or Leakage Prevention
An integrated and comprehensive solution, featuring encryption, removable media and gateway protection, centralized monitoring and reporting. The approach is data-centric, delivering data security and actionable insight about data at rest, in motion, and in use across the entire organization. Non-invasive network technology discovers data wherever it resides and in multiple formats. The solution drives down operating costs through its form factor and sophisticated, built-in data analytics tools that make it easier to identify potential problems and refine policies as needed, so you can respond quickly to the changing data, policy, and regulations landscape.
Database and file protection
The solution provides activity monitoring and cognitive analytics to discover unusual activity around sensitive data in databases or in files and file systems. It also prevents unauthorized data access, provides alerts on suspicious activities, automates compliance workflows, and protects against internal and external threats. The continuous monitoring and real-time security policies protect data across an organization, without changes or performance impacts to data sources or applications.
PROVIDE TOTAL SECURITY SERVICES
24x7 Real Time Threat Management
Netbull’s 24x7 Real Time Threat Management (RTTM) service goes beyond traditional security monitoring services by adding the human view of a security expert to the provision of Security Information Events Management.
Through this service, we provide real-time monitoring of events and alerts from security devices, data loss / leakage prevention and endpoint protection systems, application servers and storage devices. In the event of an incident, our response assistance provides all necessary information and insight around a verified incident, as well as guidelines and recommendations on its handling.
Netbull Threat Management Platform
- To implement our services, we use the Netbull Threat Management platform (based on IBM QRadar) that includes the following subsystems: SOC Console, Threat Intelligence, Early Warning Intrusion Detection, User Behavior Analysis, Vulnerability Management, and Ticketing.
This intelligent technology platform provides our security analysts with the framework needed to eradicate false positives and alerts you to real threats.
Netbull Security Operation Center (nSOC)
- Netbull provides these specialized services for the security of information systems through its own Security Operation Center (nSOC). These services are a structural element of the organization's compliance with regulatory standards such as GLBA, PCI, SOX, HIPAA, FISMA, NERC CIP, ISO 27001/27002 and GDPR.